edgetpu/priv_app.te - device/google/gs101-sepolicy - Git at Google

 # Allows privileged applications to discover the EdgeTPU service.
 allow priv_app edgetpu_app_service:service_manager find;

 # Allows privileged applications to discover the NNAPI TPU service.
 allow priv_app edgetpu_nnapi_service:service_manager find;

 # Allows privileged applications to access the EdgeTPU device, except open,
 # which is guarded by the EdgeTPU service.
 allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };

 # Allows privileged applications to access the PowerHAL.
 hal_client_domain(priv_app, hal_power)
	# Allows privileged applications to discover the EdgeTPU service.
	allow priv_app edgetpu_app_service:service_manager find;

	# Allows privileged applications to discover the NNAPI TPU service.
	allow priv_app edgetpu_nnapi_service:service_manager find;

	# Allows privileged applications to access the EdgeTPU device, except open,
	# which is guarded by the EdgeTPU service.
	allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };

	# Allows privileged applications to access the PowerHAL.
	hal_client_domain(priv_app, hal_power)